xbufu
Topic Author

Configure port mirroring for SIEM in homelab

Wed Sep 08, 2021 2:49 pm

Hi!

I am currently building my first homelab, which I will mainly use to practice cyber security. I am very new to networking and not familiar with how to set everything up yet. My lab layout should look like the following: Internet -> pfSense firewall -> routerboard/switch -> ESXi server.

My goal is to also monitor all traffic on the network through a SIEM like SecurityOnion. For that to work, I found that I should use port mirroring, meaning that one port will "see" all traffic going through the other ports.

I just got my MikroTik RB2011UiAS-2HnD-IN routerboard for my homelab and am in the process of setting it up. I basically left it on default settings, with eth1 as my WAN interface and only changed the master password and disabled the WiFi. I don't have my machine for running SecurityOnion yet, but will have it by the end of the week. I wanted to ask how to properly configure the port mirroring? Should I just set eth1 as source and eth5 as the target and it's done? Or is there something else I need to do/configure?

I hope you guys can help me out, still a complete noob at this :D
